Lisa Vaas

The vulnerabilities Errata Security found in Apples Safari beta for Windows—within hours of the browsers June 11 launch—are still open, CTO Dave Maynor said in a blog on June 25. “The vulnerabilities found by Errata Security are still present in the Windows version of the Browser,” he wrote. The posting has since been removed, pending […]

The all-in-one device many businesses think is protecting their security likely has a hole as big as a Boeing, according to new research from Calyptix Security. Calyptix Security, in Charlotte, N.C., has discovered that CSRF (cross-site request forgery), a type of vulnerability that typically concerns large sites like Amazon.com, Google and Digg, also affects a […]

Apple has updates out for security problems in WebCore—Mac OS Xs HTML layout engine—and WebKit, the application framework that serves as an underpinning for Apples Safari browser as well as many other Mac applications. Security Update 2007-006 takes care of an HTTP injection bug that occurs in WebCores XMLHttpRequest when its serializing headers into an […]

The allergy to the iPhone security analysts have acquired? IBM Internet Security Systems isn’t buying it. As a matter of fact, Neel Mehta, team leader of the advanced research group at ISS, says the iPhone is going to suffer less from the malware that’s hit Symbian’s OS and Windows Mobile, thanks to the fact that […]

Apples upcoming iPhone: Its a “security nightmare,” it will “turn your security team into zombies,” and Apple is possibly “using the Windows Safari Beta Test to stamp out iPhone security holes.” Or, then again, depending on which iPhone watcher youre paying attention to, the iPhone security is irrelevant compared with “insecure wireless access points, tape […]

An attacker named “Gabriel” claims to have stolen the text of the upcoming “Harry Potter and the Deathly Hallows” from Bloomsbury Publishing by use of a phishing scam. He has published what he claims are all of the plot points—including main characters who get killed and the final outcome of the seven-book series. Gabriel says […]

According to the numbers given in a new report from Microsoft, Windows Vista has blown away all the major enterprise Linux distributions and Mac OS X as far as having the smallest amount of serious security vulnerabilities in the six months since its release. The numbers were compiled by Jeff Jones, the security strategy director […]

Apple has slammed the door shut on denial-of-service attacks and a security bypass that Type 0 routing headers in IPv6 let in. The company on June 20 put out an update, Mac OS X 10.4.10, that addresses the problem by disabling support for the headers. This vulnerability has been left wide open in IPv6 even […]

The security contractor for Los Alamos National Laboratory sent sensitive information on nuclear materials over open, unsecured e-mail networks in January—a security failing ranked among the top of serious threats against national security interests or critical Department of Energy assets. Several Los Alamos National Security officials apparently used open e-mail networks to share classified information […]

Computer Associates’ Top Secret security product for the mainframe blacked out worldwide on June 16, staying dark for 19 hours and bringing down financial institutions such as banks and insurance systems. CA said in a statement that the bug affected approximately 50 customers worldwide and did not introduce any security issues. “It prevented a subset […]